Legal Victory for healthAlliance: High Court Orders Hewlett-Packard to Provide Access to Encrypted Data

The High Court recently delivered a decisive ruling in the case healthAlliance N.Z. Limited v Hewlett-Packard New Zealand Ltd [2024] NZHC 2725, highlighting the complexities of corporate IT systems, software licensing, and the responsibilities vendors hold in providing ongoing support to customers.

How did we get here?

healthAlliance, a division of Te Whatu Ora – Health New Zealand, purchased 5,000 perpetual licenses for HP’s Consolidated Archive (HPCA) software in 2015 to migrate its data, including sensitive patient information, from an older platform. The licenses were purchased for NZD$40,000. However, in the wake of HP’s corporate restructuring and the transfer of software support to Capax/Zovy, the relationship between the parties soured over data access issues. When healthAlliance wanted to migrate to a new platform, it found itself unable to extract its data from the HPCA system due to encryption and a lack of cooperation from the new vendors. healthAlliance sought the relief of the court to order access to healthAlliance’s crucial encrypted data stored on HP’s software platform.

In response, Capax and Zovy launched their own counterclaim against healthAlliance, alleging that healthAlliance was far exceeding the 5,000 perpetual licenses it was paying for, and were in fact using approximately 193,822 licenses. The total amount claimed for this alleged under-licensing was in excess of USD $6 million.

healthAlliance found itself trapped in a challenging situation after HP’s restructuring and the transfer of its support contracts to Capax/Zovy. At the heart of the case was whether HP and its global successor companies had validly assigned the rights and obligations of the software agreement to Capax/Zovy.

At the Heart of the Case: The Court’s Findings on Assignment

The court addressed the key issue of whether Capax had standing to enforce the software agreement, given the assignment from HP. It was established that while Capax had taken over support duties through a source code licence agreement (SCL Agreement) in 2016, there were gaps in formalising the assignment of the original software agreement from HP to Capax. A subsequent deed executed in 2022 (the 2022 Deed) attempted to remedy the situation by formally assigning all remaining rights to Capax.

The court found that while Capax’s role as the support provider was acknowledged, the original software agreement remained in force between healthAlliance and HP, giving HP ongoing obligations. The assignment of duties to Capax did not absolve HP of its core responsibilities to healthAlliance, particularly regarding data access and migration.

The court ruled that HP was obliged to provide healthAlliance with services to access and decrypt its data, even after the software support had been transitioned to Capax. In a significant victory for healthAlliance, the High Court ordered HP to provide the necessary technical support to ensure the health organisation could retrieve its data in a usable format.

Capax/Zovy were unsuccessful in their counterclaim against healthAlliance.

Vendor Obligations: A Clear Precedent

This ruling reinforces that vendors must ensure transparency and legal clarity when assigning rights and obligations under software agreements, especially during corporate transitions. Importantly, the court ruled that HP retained an implied obligation to assist healthAlliance in extracting its data, a service that could not be denied without formal notice of service termination.

At a high level, the decision highlights that businesses should review any contractual assignments to ensure continuity of services. On the flip side, it further clarifies that global vendors cannot rely on corporate restructuring to evade their obligations under pre-existing contracts, ensuring that customers are not left stranded without access to critical services or their own property.

Takeaways

In a broader context, this case reinforces the importance of contract vigilance and the need for parties to secure rights when engaging with major global vendors to ensure uninterrupted access to vital IT services and data.

This case serves as a crucial reminder for companies to ensure that any assignments or transfers of vendor obligations are not only communicated but formally documented, with clear provisions for the continuity of essential services.

If your organisation needs help to prepare for such a transition, or requires advice relating to a software licence audit, reach out to Corin Maberly. Hamilton Locke is well placed to assist and advise businesses looking to achieve the best outcome in such circumstances.

KEY CONTACTS

Partner, Head of New Zealand